Fix: remove ClientSessionCache and add NextProtos for vmess to fix #1468

Dreamacro 2021-07-03 20:34:44 +08:00
parent 3ca5d17c40
commit 995aa7a8fc
13 changed files with 9 additions and 48 deletions


@ -125,7 +125,6 @@ func NewHttp(option HttpOption) *Http {
} }
tlsConfig = &tls.Config{ tlsConfig = &tls.Config{
InsecureSkipVerify: option.SkipCertVerify, InsecureSkipVerify: option.SkipCertVerify,
ClientSessionCache: getClientSessionCache(),
ServerName: sni, ServerName: sni,
} }
} }


@ -149,7 +149,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
if opts.TLS { if opts.TLS {
v2rayOption.TLS = true v2rayOption.TLS = true
v2rayOption.SkipCertVerify = opts.SkipCertVerify v2rayOption.SkipCertVerify = opts.SkipCertVerify
v2rayOption.SessionCache = getClientSessionCache()
} }
} }


@ -145,7 +145,6 @@ func NewSocks5(option Socks5Option) *Socks5 {
if option.TLS { if option.TLS {
tlsConfig = &tls.Config{ tlsConfig = &tls.Config{
InsecureSkipVerify: option.SkipCertVerify, InsecureSkipVerify: option.SkipCertVerify,
ClientSessionCache: getClientSessionCache(),
ServerName: option.Server, ServerName: option.Server,
} }
} }


@ -127,11 +127,10 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port)) addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
tOption := &trojan.Option{ tOption := &trojan.Option{
Password: option.Password, Password: option.Password,
ALPN: option.ALPN, ALPN: option.ALPN,
ServerName: option.Server, ServerName: option.Server,
SkipCertVerify: option.SkipCertVerify, SkipCertVerify: option.SkipCertVerify,
ClientSessionCache: getClientSessionCache(),
} }
if option.SNI != "" { if option.SNI != "" {
@ -163,7 +162,6 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
InsecureSkipVerify: tOption.SkipCertVerify, InsecureSkipVerify: tOption.SkipCertVerify,
ServerName: tOption.ServerName, ServerName: tOption.ServerName,
ClientSessionCache: getClientSessionCache(),
} }
t.transport = gun.NewHTTP2Client(dialFn, tlsConfig) t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)


@ -2,10 +2,8 @@ package outbound
import ( import (
"bytes" "bytes"
"crypto/tls"
"net" "net"
"strconv" "strconv"
"sync"
"time" "time"
"github.com/Dreamacro/clash/component/resolver" "github.com/Dreamacro/clash/component/resolver"
@ -13,11 +11,6 @@ import (
"github.com/Dreamacro/clash/transport/socks5" "github.com/Dreamacro/clash/transport/socks5"
) )
var (
globalClientSessionCache tls.ClientSessionCache
once sync.Once
)
func tcpKeepAlive(c net.Conn) { func tcpKeepAlive(c net.Conn) {
if tcp, ok := c.(*net.TCPConn); ok { if tcp, ok := c.(*net.TCPConn); ok {
tcp.SetKeepAlive(true) tcp.SetKeepAlive(true)
@ -25,13 +18,6 @@ func tcpKeepAlive(c net.Conn) {
} }
} }
func getClientSessionCache() tls.ClientSessionCache {
once.Do(func() {
globalClientSessionCache = tls.NewLRUClientSessionCache(128)
})
return globalClientSessionCache
}
func serializesSocksAddr(metadata *C.Metadata) []byte { func serializesSocksAddr(metadata *C.Metadata) []byte {
var buf [][]byte var buf [][]byte
aType := uint8(metadata.AddrType) aType := uint8(metadata.AddrType)


@ -86,7 +86,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
if v.option.TLS { if v.option.TLS {
wsOpts.TLS = true wsOpts.TLS = true
wsOpts.SessionCache = getClientSessionCache()
wsOpts.SkipCertVerify = v.option.SkipCertVerify wsOpts.SkipCertVerify = v.option.SkipCertVerify
wsOpts.ServerName = v.option.ServerName wsOpts.ServerName = v.option.ServerName
} }
@ -98,7 +97,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
tlsOpts := &vmess.TLSConfig{ tlsOpts := &vmess.TLSConfig{
Host: host, Host: host,
SkipCertVerify: v.option.SkipCertVerify, SkipCertVerify: v.option.SkipCertVerify,
SessionCache: getClientSessionCache(),
} }
if v.option.ServerName != "" { if v.option.ServerName != "" {
@ -125,7 +123,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
tlsOpts := vmess.TLSConfig{ tlsOpts := vmess.TLSConfig{
Host: host, Host: host,
SkipCertVerify: v.option.SkipCertVerify, SkipCertVerify: v.option.SkipCertVerify,
SessionCache: getClientSessionCache(),
NextProtos: []string{"h2"}, NextProtos: []string{"h2"},
} }
@ -153,7 +150,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
tlsOpts := &vmess.TLSConfig{ tlsOpts := &vmess.TLSConfig{
Host: host, Host: host,
SkipCertVerify: v.option.SkipCertVerify, SkipCertVerify: v.option.SkipCertVerify,
SessionCache: getClientSessionCache(),
} }
if v.option.ServerName != "" { if v.option.ServerName != "" {


@ -3,7 +3,6 @@ package dns
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/tls"
"io/ioutil" "io/ioutil"
"net" "net"
"net/http" "net/http"
@ -76,7 +75,6 @@ func newDoHClient(url string, r *Resolver) *dohClient {
return &dohClient{ return &dohClient{
url: url, url: url,
transport: &http.Transport{ transport: &http.Transport{
TLSClientConfig: &tls.Config{ClientSessionCache: globalSessionCache},
ForceAttemptHTTP2: true, ForceAttemptHTTP2: true,
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
host, port, err := net.SplitHostPort(addr) host, port, err := net.SplitHostPort(addr)


@ -2,7 +2,6 @@ package dns
import ( import (
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"math/rand" "math/rand"
@ -20,10 +19,6 @@ import (
"golang.org/x/sync/singleflight" "golang.org/x/sync/singleflight"
) )
var (
globalSessionCache = tls.NewLRUClientSessionCache(64)
)
type dnsClient interface { type dnsClient interface {
Exchange(m *D.Msg) (msg *D.Msg, err error) Exchange(m *D.Msg) (msg *D.Msg, err error)
ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err error) ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err error)


@ -127,7 +127,6 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient {
Client: &D.Client{ Client: &D.Client{
Net: s.Net, Net: s.Net,
TLSConfig: &tls.Config{ TLSConfig: &tls.Config{
ClientSessionCache: globalSessionCache,
// alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6 // alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6
NextProtos: []string{"dns"}, NextProtos: []string{"dns"},
ServerName: host, ServerName: host,


@ -34,11 +34,10 @@ var (
) )
type Option struct { type Option struct {
Password string Password string
ALPN []string ALPN []string
ServerName string ServerName string
SkipCertVerify bool SkipCertVerify bool
ClientSessionCache tls.ClientSessionCache
} }
type Trojan struct { type Trojan struct {
@ -57,7 +56,6 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
InsecureSkipVerify: t.option.SkipCertVerify, InsecureSkipVerify: t.option.SkipCertVerify,
ServerName: t.option.ServerName, ServerName: t.option.ServerName,
ClientSessionCache: t.option.ClientSessionCache,
} }
tlsConn := tls.Client(conn, tlsConfig) tlsConn := tls.Client(conn, tlsConfig)


@ -1,7 +1,6 @@
package obfs package obfs
import ( import (
"crypto/tls"
"net" "net"
"net/http" "net/http"
@ -16,7 +15,6 @@ type Option struct {
Headers map[string]string Headers map[string]string
TLS bool TLS bool
SkipCertVerify bool SkipCertVerify bool
SessionCache tls.ClientSessionCache
Mux bool Mux bool
} }
@ -34,7 +32,6 @@ func NewV2rayObfs(conn net.Conn, option *Option) (net.Conn, error) {
TLS: option.TLS, TLS: option.TLS,
Headers: header, Headers: header,
SkipCertVerify: option.SkipCertVerify, SkipCertVerify: option.SkipCertVerify,
SessionCache: option.SessionCache,
} }
var err error var err error


@ -8,7 +8,6 @@ import (
type TLSConfig struct { type TLSConfig struct {
Host string Host string
SkipCertVerify bool SkipCertVerify bool
SessionCache tls.ClientSessionCache
NextProtos []string NextProtos []string
} }
@ -16,7 +15,6 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
ServerName: cfg.Host, ServerName: cfg.Host,
InsecureSkipVerify: cfg.SkipCertVerify, InsecureSkipVerify: cfg.SkipCertVerify,
ClientSessionCache: cfg.SessionCache,
NextProtos: cfg.NextProtos, NextProtos: cfg.NextProtos,
} }


@ -32,7 +32,6 @@ type WebsocketConfig struct {
TLS bool TLS bool
SkipCertVerify bool SkipCertVerify bool
ServerName string ServerName string
SessionCache tls.ClientSessionCache
} }
// Read implements net.Conn.Read() // Read implements net.Conn.Read()
@ -130,7 +129,7 @@ func StreamWebsocketConn(conn net.Conn, c *WebsocketConfig) (net.Conn, error) {
dialer.TLSClientConfig = &tls.Config{ dialer.TLSClientConfig = &tls.Config{
ServerName: c.Host, ServerName: c.Host,
InsecureSkipVerify: c.SkipCertVerify, InsecureSkipVerify: c.SkipCertVerify,
ClientSessionCache: c.SessionCache, NextProtos: []string{"http/1.1"},
} }
if c.ServerName != "" { if c.ServerName != "" {
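Review bot: The new `NextProtos: []string{"http/1.1"}` entry in the `tls.Config` assigned to `dialer.TLSClientConfig` in `StreamWebsocketConn` is a hard-coded ALPN constraint with no comment explaining it, and only the commit title ties it to #1468. A one-line comment such as `// WebSocket upgrade is an HTTP/1.1 handshake; offer only http/1.1 in ALPN so the server cannot select h2` would stop a later edit from dropping it or widening the list (this assumes the dialer performs the classic Upgrade handshake, which the hunk does not show). The same config sets no `MinVersion`, while the Trojan configs elsewhere in this commit pin `MinVersion: tls.VersionTLS12`; adding that line here would make the protocol floor explicit instead of leaving it to the Go default. The function body starts and ends outside the hunk.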